[OpenSER-Users] call failed 403 forbiden
luzango mfupe
luzango.mfupe at gmail.com
Thu May 22 12:56:43 CEST 2008
Hi mates,
I still need your pointers regarding my problem in this post, today i have
attached the routes suspected to be involved in this saga. From my config
file plz see below.
# -----------------------------------------------------------------
# Unauthorized relay
# -----------------------------------------------------------------
if (!is_uri_host_local()) {
if (is_from_local()) { # We prevent unauthorised
relays "clever guys we got u"
append_hf("P-hint: outbound\r\n");
route(10);
# need to be authenticated
} else {
sl_send_reply("403", "Forbidden");
};
return;
};
route[10] {
#-------------------------------------------------------------
# Default Message Handler with Proxy Authentication
# -----------------------------------------------------------------
if(method=="ACK") { #these you never proxy authenticate
route(1);
return;
};
if(method=="BYE" || method=="CANCEL") { #these you never proxy
authenticate
route(1);
return;
};
xlog("L_INFO", "Proxy auth $fd $dP destination:$du $dd $ds");#
if (!route(7)) { #verify the user
return(0);
};
if (!is_user_in("From", "noauth")) { #no authentication required
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
return;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
return;
};
# consume_credentials();
};
# if (is_user_in("Credentials", "local")) { # Uncomment to use
the group options
route(1);
# }else{
# sl_send_reply("403", "Busted!!!, you are not allowed this
route");
# };
return;
}
With Best Regards,
LU.
>
> Message: 3
> Date: Tue, 20 May 2008 17:38:50 +0200
> From: "luzango mfupe" <luzango.mfupe at gmail.com>
> Subject: [OpenSER-Users] Call failed 403 Forbiden
> To: users at lists.openser.org
> Message-ID:
> <9cdd611a0805200838oc11cfedg9762b7451bf543c4 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi mates,
> Everytime i do try to make my 2 xlite clients talk (which i correctly added
> them into the database), i encountered with the same problm, Openser
> perfoms
> authentication and return call failed 403 forbiden signal.
>
> My setup comprise of the first box with openser 1.3 and mediaproxy the
> second box with Mysql and two Xlite clients in two other boxes all are in
> an
> internal network, as far as am concerned my NetAdmin have already opened
> ports 5060 and 3306 for me. I need your right direction on this probm.
> below is my ngrep snapshot
>
> mzee:/# ngrep -d eth1 -W byline port 5060
> interface: eth1 (168.172.200.0/255.255.255.0)
> filter: (ip or ip6) and ( port 5060 )
> #
> U 168.172.200.70:1824 -> 168.172.200.87:5060
> INVITE sip:musketeerm at 168.172.200.87 <sip%3Amusketeerm at 168.172.200.87> <
> sip%3Amusketeerm at 168.172.200.87 <sip%253Amusketeerm at 168.172.200.87>
> >SIP/2.0.
> Via: SIP/2.0/UDP 168.172.200.70:1824
> ;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
> Max-Forwards: 70.
> Contact: <sip:dreamteam at 168.172.200.70:1824>.
> To: "musk"<sip:musketeerm at 168.172.200.87 <sip%3Amusketeerm at 168.172.200.87><
> sip%3Amusketeerm at 168.172.200.87 <sip%253Amusketeerm at 168.172.200.87>>>.
> From: "dream"<sip:dreamteam at 168.172.200.87<sip%3Adreamteam at 168.172.200.87><
> sip%3Adreamteam at 168.172.200.87 <sip%253Adreamteam at 168.172.200.87>>
> >;tag=af4bd714.
> Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
> CSeq: 1 INVITE.
> Session-Expires: 95.
> Min-SE: 90.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> SUBSCRIBE,
> INFO.
> Content-Type: application/sdp.
> Supported: timer.
> User-Agent: X-Lite release 1011s stamp 41150.
> Content-Length: 426.
> .
> v=0.
> o=- 9 2 IN IP4 168.172.200.70.
> s=CounterPath X-Lite 3.0.
> c=IN IP4 168.172.200.70.
> t=0 0.
> m=audio 52166 RTP/AVP 107 119 100 106 0 105 98 8 101.
> a=alt:1 1 : uZB2dYm+ NKBRK8Ep 168.172.200.70 52166.
> a=fmtp:101 0-15.
> a=rtpmap:107 BV32/16000.
> a=rtpmap:119 BV32-FEC/16000.
> a=rtpmap:100 SPEEX/16000.
> a=rtpmap:106 SPEEX-FEC/16000.
> a=rtpmap:105 SPEEX-FEC/8000.
> a=rtpmap:98 iLBC/8000.
> a=rtpmap:101 telephone-event/8000.
> a=sendrecv.
> #
> U 168.172.200.87:5060 -> 168.172.200.70:1824
> SIP/2.0 403 Forbidden.
> Via: SIP/2.0/UDP 168.172.200.70:1824
> ;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
> To: "musk"<sip:musketeerm at 168.172.200.87 <sip%3Amusketeerm at 168.172.200.87><
> sip%3Amusketeerm at 168.172.200.87 <sip%253Amusketeerm at 168.172.200.87>>
> >;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.
> From: "dream"<sip:dreamteam at 168.172.200.87<sip%3Adreamteam at 168.172.200.87><
> sip%3Adreamteam at 168.172.200.87 <sip%253Adreamteam at 168.172.200.87>>
> >;tag=af4bd714.
> Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
> CSeq: 1 INVITE.
> Server: OpenSER (1.3.0-notls (i386/linux)).
> Content-Length: 0.
> .
> #
> U 168.172.200.70:1824 -> 168.172.200.87:5060
> ACK sip:musketeerm at 168.172.200.87 <sip%3Amusketeerm at 168.172.200.87> <
> sip%3Amusketeerm at 168.172.200.87 <sip%253Amusketeerm at 168.172.200.87>>
> SIP/2.0.
> Via: SIP/2.0/UDP 168.172.200.70:1824
> ;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
> To: "musk"<sip:musketeerm at 168.172.200.87 <sip%3Amusketeerm at 168.172.200.87><
> sip%3Amusketeerm at 168.172.200.87 <sip%253Amusketeerm at 168.172.200.87>>
> >;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.
> From: "dream"<sip:dreamteam at 168.172.200.87<sip%3Adreamteam at 168.172.200.87><
> sip%3Adreamteam at 168.172.200.87 <sip%253Adreamteam at 168.172.200.87>>
> >;tag=af4bd714.
> Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
> CSeq: 1 ACK.
> Content-Length: 0.
>
> WBR,
> LU.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080522/c411b3c0/attachment.htm>
More information about the sr-users
mailing list